Congress Extends Cybercrime Laws

The legislation would make it a felony to use spyware or keystroke loggers to damage ten or more computers and allow up to ten years imprisonment.

Congress passed a bill this week to crack down on cybercrime after adding an amendment containing most of an anti-spyware bill.

The U.S. House of Representatives approved the bill -- H.R. 5938 -- Monday. The amendment -- part of Senate bill S. 2168 -- expands the ability of the federal government to prosecute identity theft crimes and allows victims to obtain restitution for the time and money they spend trying to restore their credit. The legislation, which must be signed by President George W. Bush, allows a fine and up to five years imprisonment for spyware.

The amendment closes a loophole on existing identity theft laws that only allowed federal prosecution if the perpetrator used interstate or foreign communications to access a computer, except in cases involving federal government computers or financial institutions. If the President signs the bill into law, federal prosecutors would be able to pursue cases in which the computers of the perpetrator and victim are in the same jurisdiction.

The amendment criminalizes the use of malicious spyware and keystroke loggers to damage a computer, by eliminating a requirement that the loss exceed $5,000 and making it a misdemeanor to send spyware that causes any loss. Perpetrators would face fines and up to one year in prison.

The legislation would make it a felony to use spyware or keystroke loggers to damage ten or more computers and allow up to ten years imprisonment.

The bill makes it a crime to threaten to obtain, delete, or release data from a computer or to threaten to crash a computer. It also criminalized cyber extortion by making it a crime to demand money in relation to a protected computer. Violators would face up to five years in prison for the first offense and up to ten years for a second offense.

Finally, the bill adds a conspiracy charge to cybercrime laws and allows forfeiture of property used to commit cybercrimes.

"We appreciate the attention that Congress is giving to the important issues of combating identity theft and the proliferation of malicious spyware, and we support the approach taken in this legislation," Mike Zaneis, VP of Public Policy at the IAB. "The passing of this bill supports the interactive advertising industry's goal of increasing enforcement actions against bad actors whose criminal activity can tarnish the reputation of the online advertising industry."

"The threat of having consumers' identities stolen and the proliferation of spyware can erode consumer confidence in the Internet and undermines legitimate advertising and e-mail practices," Zaneis said. "IAB endorses the approach taken by Congress, which appropriately targets illegitimate conduct and provides law enforcement agencies with additional tools and resources to bring these criminals to justice. The language passed by Congress strikes the appropriate balance between the need for effective law enforcement and protection of legitimate industry practices."

The 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?